10 Hackers are here. Where are you?The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers.The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

11 What is a Hacker?Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com)

12 What is Ethical Hacking?Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”With the growth of the Internet, computer security has become a major concern for businesses and governments.In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

13 Who are Ethical Hackers?“One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems”Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.Ethical hackers typically have very strong programming and computer networking skills.They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.

14 What do Ethical Hackers do?An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:What can an intruder see on the target systems?What can an intruder do with that information?Does anyone at the target notice the intruder’s at tempts or successes?What are you trying to protect?What are you trying to protect against?How much time, effort, and money are you willing to expend to obtain adequate protection?

15 How much do Ethical Hackers get Paid?Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.In the United States, an ethical hacker can make upwards of $120,000 per annum.Freelance ethical hackers can expect to make $10,000 per assignment.Some ranges from $15,000 to$45,000 for a standalone ethicalhack.

18 Required Skills of an Ethical HackerRouters: knowledge of routers, routing protocols, and access control listsMicrosoft: skills in operation, configuration and management.Linux: knowledge of Linux/Unix; security setting, configuration, and services.Firewalls: configurations, and operation of intrusion detection systems.MainframesNetwork Protocols: TCP/IP; how they function and can be manipulated.Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.(Source:

20 Anatomy of an attack:Reconnaissance – attacker gathers information; can include social engineering.Scanning – searches for open ports (port scan) probes target for vulnerabilities.Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.(Source:

21 Black hats – highly skilled, malicious, destructive “crackers” Hacker classesBlack hats – highly skilled,malicious, destructive “crackers”White hats – skills used fordefensive security analystsGray hats – offensively anddefensively; will hack for differentreasons, depends on situation.Hactivism – hacking for social and political cause.Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected.(Source:

27 Certified Ethical Hacker Exam PrepThe Business Aspects of Penetration TestingThe Technical Foundations of HackingFootprinting and ScanningEnumeration and System HackingLinux and automated Security Assessment ToolsTrojans and BackdoorsSniffers, Session Hyjacking, and Denial of Service

78 SQL Injection Allows a remote attacker to execute arbitrary databasecommandsRelies on poorly formed database queries and insufficientinput validationOften facilitated, but does not rely on unhandledexceptions and ODBC error messagesImpact: MASSIVE. This is one of the most dangerousvulnerabilities on the web.